General
-
Target
2024-06-16_b4c48d8ba408e6bc045b64ed74f36f38_gandcrab
-
Size
99KB
-
Sample
240616-qz8gdavgkg
-
MD5
b4c48d8ba408e6bc045b64ed74f36f38
-
SHA1
904e52103cc4819b3e2ec6a72f8d20d6abe441c1
-
SHA256
d71cb1a34c591e7e69015b55adbac69a85d91860c159107813f70f578dadb931
-
SHA512
6135cef45c7b0b202e90ca87b31300f3c4348d25ae0bdda750410d9cea9c8b61561a8e9b8ea64b6df98847018d0ae85900fc852335f0870056d3a319e96e2f27
-
SSDEEP
3072:qMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6:qXjOnr6jqqDL6aprYS6
Behavioral task
behavioral1
Sample
2024-06-16_b4c48d8ba408e6bc045b64ed74f36f38_gandcrab.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2024-06-16_b4c48d8ba408e6bc045b64ed74f36f38_gandcrab.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
gandcrab
http://gdcbghvjyqy7jclk.onion.top/
Targets
-
-
Target
2024-06-16_b4c48d8ba408e6bc045b64ed74f36f38_gandcrab
-
Size
99KB
-
MD5
b4c48d8ba408e6bc045b64ed74f36f38
-
SHA1
904e52103cc4819b3e2ec6a72f8d20d6abe441c1
-
SHA256
d71cb1a34c591e7e69015b55adbac69a85d91860c159107813f70f578dadb931
-
SHA512
6135cef45c7b0b202e90ca87b31300f3c4348d25ae0bdda750410d9cea9c8b61561a8e9b8ea64b6df98847018d0ae85900fc852335f0870056d3a319e96e2f27
-
SSDEEP
3072:qMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6:qXjOnr6jqqDL6aprYS6
Score10/10-
GandCrab payload
-
Detects ransomware indicator
-
Gandcrab Payload
-
UPX dump on OEP (original entry point)
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-